From 1c1ee54b74feaeaa5845cc3c44dcc83a624fbe53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carsten=20K=C3=B6nig?= Date: Sat, 24 Feb 2024 16:16:25 +0100 Subject: [PATCH] adds readme --- README.md | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++ compose.yml | 11 ++--- 2 files changed, 134 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e69de29..03ba8d1 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,130 @@ +# autodok + +> restart your containers with a new image + +*autodok* provides an API to restart your running docker containers with a new image. +It is similar to [watchtower](https://containrrr.dev/watchtower/), but it does not poll for new images - *autodok* only updates images & containers on-demand. + +It is intended to be triggered by your CI pipeline, the recommended workflow is: + +1. You push new code +2. This triggers your CI to build & push a new image +3. Your CI sends a `POST` request to autodok with the name of your running container and the new image:tag +4. *autodok* will download the new image and restart the container with the new image + + +## How to + +### Setup + +You can run *autodok* as a docker container with docker compose: + +1. copy the included `compose.yml` to your server +2. make the service available by either uncommenting the port mapping or by exposing *autodok* via a reverse proxy of your choice (nginx, traefik, etc., **recommended**) +3. run `docker compose up -d` + +You should check the logs (`docker compose logs -f autodok`) and copy the provided API key. + +### Usage + +#### Manually + +Trigger *autodok* manually by sending a `POST` request to `/update`, e.g. to restart the container `foo` with the image `foo:latest`: + +```bash +curl -X POST "http://autodok.example.com/update" \ + -H "Authorization: $API_KEY" \ + -H "content-type: application/json" \ + -d '{"container": "foo", "image": "foo:latest"}' +``` + +#### CI + +You can send requests to *autodok* however you like. Run a bash script, write a custom application, etc. An example with github actions could look like this: + +```yaml + - name: trigger autodok deployment + uses: fjogeleit/http-request-action@v1 + with: + url: 'http://autodok.example.com/update' + timeout: 300000 + method: 'POST' + customHeaders: '{"Content-Type": "application/json", "Authorization": "${{ secrets.AUTODOK_API_KEY }}"}' + data: '{"container": "foo", "image": "foo:latest"}' +``` + +For this to work you need to add a new secret (settings / secrets / actions / repository secrets) named `AUTODOK_API_KEY` that is set to the correct value. + +## API + +Some endpoints in *autodok* require authorization. You have to send an `Authorization` header with the provided API key. The key will be logged each time when you start *autodok*, and you can always read it from `./data/api_key`. + +### Endpoints + +*autodok* exposes two endpoints: + +#### `GET /health` + +This is a simple healthcheck that returns `200 OK` if the docker daemon is reachable. It does not require authorization and is always available. + +#### `POST /update` + +This endpoint will check if a container with the provided name is running. If it is, it will download the provided image and restart the container with the new image and the same settings (volumes etc.) as before. +You have to send an `Authorization` header with the correct API key to use this endpoint. + +The following fields are supported in the request body: + +| field | example | required | description | +|------------------------|------------|-------------------------------------------------|-------------------------------------| +| container | foo | yes | Name of a **running** container | +| image | foo:latest | yes | Name and tag of an existing image | +| registry.serveraddress | ghcr.io | if the image is pushed to a private registry | Domain of a custom docker registry | +| registry.username | cars10 | if the image is pushed to a private registry | Username for custom docker registry | +| registry.password | foobar | if the image is pushed to a private registry | Password for custom docker registry | + +### Examples + +Healthcheck +```bash +curl -X GET "http://autodok.example.com/health" +``` + +Update container `elasticsearch` with new image `docker.elastic.co/elasticsearch/elasticsearch:8.8.0` +```bash +curl -X POST "http://autodok.example.com/update" \ + -H "Authorization: $API_KEY" \ + -H "content-type: application/json" \ + -d '{"container": "elasticsearch", "image": "docker.elastic.co/elasticsearch/elasticsearch:8.8.0"}' + +# response: +{"message":"Container 'elasticsearch' restarted with new image 'docker.elastic.co/elasticsearch/elasticsearch:8.8.0'"} +``` + +Update container `secret` with new image from private registry `ghcr.io/nsa/secret:42` +```bash +curl -X POST "http://autodok.example.com/update" \ + -H "Authorization: $API_KEY" \ + -H "content-type: application/json" \ + -d '{"container": "secret", "image": "ghcr.io/nsa/secret:42", "registry": {"serveraddress": "ghcr.io", "username": "$USERNAME", "password": "$PASSWORD"}}' + +# response: +{"message":"Container 'secret' restarted with new image 'ghcr.io/nsa/secret:42'"} +``` + +## FAQ & possible issues + +### Request timeouts + +Requests to `POST /update` might timeout depending on your setup. Please keep in mind that downloading and restarting a big docker image might take a few minutes - your timeout settings have to respect this. Remember to set timeouts for your proxy server **and** for the client that executes the request, e.g. the used github action. + +### Using a private registry + +You can download images from private registries by providing the optional registry field in the request body: `"registry": {"serveraddress": "", "username": "", "password": ""}` + +### Restarting multiple containers at once + +If you want to restart multiple containers you have to execute multiple requests, each containing the respective container name. + +## License + +MIT \ No newline at end of file diff --git a/compose.yml b/compose.yml index 4fcafb9..395b352 100644 --- a/compose.yml +++ b/compose.yml @@ -1,16 +1,13 @@ services: autodok: - image: autodok + image: cars10/autodok container_name: autodok - ports: - - 127.0.0.1:3000:3000 + restart: always + #ports: + # - 3000:3000 volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data:/data - environment: - DEFAULT_REGISTRY_ADDRESS: $DEFAULT_REGISTRY_ADDRESS - DEFAULT_REGISTRY_USERNAME: $DEFAULT_REGISTRY_USERNAME - DEFAULT_REGISTRY_PASSWORD: $DEFAULT_REGISTRY_PASSWORD healthcheck: test: curl --fail http://localhost:3000/health || exit 1 interval: 30s